package com.xiaojiezhu.shiro.spring.configuration;

import com.xiaojiezhu.shiro.spring.shiro.AuthRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;

/**
 * @Author 朱小杰
 * 时间 2017-08-06 .23:30
 * 说明 ...
 */
@Configuration
@AutoConfigureAfter(name = "lifecycleBeanPostProcessor",value = AuthRealm.class)
public class ShiroConfiguration {

    @Bean
    public AuthRealm authRealm(){
        return new AuthRealm();
    }
    @Bean
    public SecurityManager  securityManager(){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(authRealm());
        securityManager.setSessionManager(new ServletContainerSessionManager());//使用web的session管理器


        return securityManager;
    }

    /**
     * 配置shiro核心过滤器
     * @return
     */
    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shirlFilter(){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager());
        bean.setLoginUrl("/loginIndex"); //登陆页面
        bean.setUnauthorizedUrl("/guest");  //权限认证失败的页面

        //=>过滤不需要权限的页面
        Map<String,String> permissionDefine = new HashMap<>();
        permissionDefine.put("/loginIndex","anon");//anon代表不需要权限即可访问
        permissionDefine.put("/user/login","anon");//anon代表不需要权限即可访问
        permissionDefine.put("/login","anon");
        permissionDefine.put("/**","authc");//authc代表着需要权限访问
        permissionDefine.put("/student","roles[teacher]");//需要teacher角色
        permissionDefine.put("/teacher","perms[admin:create]");//需要teacher角色
        bean.setFilterChainDefinitionMap(permissionDefine);

        return bean;
    }

    /**
     *
     * 保证实现了Shiro内部lifecycle函数的bean执行
     * @return
     */
    @Bean
    public LifecycleBeanPostProcessor shiroLifecycle(){
        return new LifecycleBeanPostProcessor();
    }


    @Bean()

    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator p = new DefaultAdvisorAutoProxyCreator();
        return p;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(){
        AuthorizationAttributeSourceAdvisor v = new AuthorizationAttributeSourceAdvisor();
        v.setSecurityManager(securityManager());
        return v;
    }


}
